Sign-up

ID

VAR-202002-0705


CVE

CVE-2020-3132


TITLE

Cisco Email Security Appliance Resource exhaustion vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-002247

DESCRIPTION

A vulnerability in the email message scanning feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a temporary denial of service (DoS) condition on an affected device. The vulnerability is due to inadequate parsing mechanisms for specific email body components. An attacker could exploit this vulnerability by sending a malicious email containing a high number of shortened URLs through an affected device. A successful exploit could allow the attacker to consume processing resources, causing a DoS condition on an affected device. To successfully exploit this vulnerability, certain conditions beyond the control of the attacker must occur

Trust: 2.25

sources: NVD: CVE-2020-3132 // JVNDB: JVNDB-2020-002247 // CNVD: CNVD-2020-14316 // VULHUB: VHN-181257

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-14316

AFFECTED PRODUCTS

vendor:ciscomodel:email security appliancescope:ltversion:12.5.1-037

Trust: 1.6

vendor:ciscomodel:email security appliancescope:ltversion:13.0.0-375

Trust: 1.6

vendor:ciscomodel:cloud email securityscope:ltversion:13.0.0-375

Trust: 1.0

vendor:ciscomodel:cloud email securityscope:ltversion:12.5.1-037

Trust: 1.0

vendor:ciscomodel:cloud email securityscope: - version: -

Trust: 0.8

vendor:ciscomodel:e email security appliancescope: - version: -

Trust: 0.8

vendor:ciscomodel:email security appliancescope:eqversion:9.7.1-hp2-207

Trust: 0.6

vendor:ciscomodel:email security appliancescope:eqversion:13.0.0-226

Trust: 0.6

vendor:ciscomodel:email security appliancescope:eqversion:13.0.0-311

Trust: 0.6

vendor:ciscomodel:email security appliancescope:eqversion:12.0.0-419

Trust: 0.6

vendor:ciscomodel:email security appliancescope:eqversion:13.0.0-314

Trust: 0.6

vendor:ciscomodel:email security appliancescope:eqversion:13.0

Trust: 0.6

vendor:ciscomodel:email security appliancescope:eqversion:9.8.5-085

Trust: 0.6

vendor:ciscomodel:email security appliancescope:eqversion:12.5.1-037

Trust: 0.6

vendor:ciscomodel:email security appliancescope:eqversion:11.1.8-076

Trust: 0.6

vendor:ciscomodel:email security appliancescope:eqversion:12.5.1-031

Trust: 0.6

sources: CNVD: CNVD-2020-14316 // JVNDB: JVNDB-2020-002247 // CNNVD: CNNVD-202002-955 // NVD: CVE-2020-3132

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3132
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3132
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-002247
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-14316
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202002-955
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181257
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-3132
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002247
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-14316
severity: MEDIUM
baseScore: 5.4
vectorString: AV:N/AC:H/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-181257
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3132
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3132
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 4.0
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-002247
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-14316 // VULHUB: VHN-181257 // JVNDB: JVNDB-2020-002247 // CNNVD: CNNVD-202002-955 // NVD: CVE-2020-3132 // NVD: CVE-2020-3132

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.9

sources: VULHUB: VHN-181257 // JVNDB: JVNDB-2020-002247 // NVD: CVE-2020-3132

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202002-955

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202002-955

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-002247

PATCH
title:cisco-sa-esa-shrt-dos-wM54R8qAurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-shrt-dos-wM54R8qA
Trust: 0.8
title:Patch for Cisco Email Security Appliance Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/205695
Trust: 0.6
title:Cisco Email Security Appliance  and Cloud Email Security Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110023
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-14316 // 
            
            
            
            JVNDB: JVNDB-2020-002247 // 
            
            
            
            CNNVD: CNNVD-202002-955

EXTERNAL IDS
db:NVDid:CVE-2020-3132
Trust: 3.1
db:JVNDBid:JVNDB-2020-002247
Trust: 0.8
db:CNNVDid:CNNVD-202002-955
Trust: 0.7
db:CNVDid:CNVD-2020-14316
Trust: 0.6
db:AUSCERTid:ESB-2020.0609
Trust: 0.6
db:VULHUBid:VHN-181257
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-14316 // 
            
            
            
            VULHUB: VHN-181257 // 
            
            
            
            JVNDB: JVNDB-2020-002247 // 
            
            
            
            CNNVD: CNNVD-202002-955 // 
            
            
            
            NVD: CVE-2020-3132

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2020-3132
Trust: 2.0
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-esa-shrt-dos-wm54r8qa
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3132
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.0609/
Trust: 0.6
url:https://vigilance.fr/vulnerability/cisco-esa-overload-via-numerous-shortened-urls-31642
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-14316 // 
            
            
            
            VULHUB: VHN-181257 // 
            
            
            
            JVNDB: JVNDB-2020-002247 // 
            
            
            
            CNNVD: CNNVD-202002-955 // 
            
            
            
            NVD: CVE-2020-3132

SOURCES
db:CNVDid:CNVD-2020-14316
db:VULHUBid:VHN-181257
db:JVNDBid:JVNDB-2020-002247
db:CNNVDid:CNNVD-202002-955
db:NVDid:CVE-2020-3132

LAST UPDATE DATE
2024-11-23T21:59:29.798000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-14316date:2020-02-28T00:00:00
db:VULHUBid:VHN-181257date:2020-02-27T00:00:00
db:JVNDBid:JVNDB-2020-002247date:2020-03-09T00:00:00
db:CNNVDid:CNNVD-202002-955date:2020-02-28T00:00:00
db:NVDid:CVE-2020-3132date:2024-11-21T05:30:23.547

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-14316date:2020-02-28T00:00:00
db:VULHUBid:VHN-181257date:2020-02-19T00:00:00
db:JVNDBid:JVNDB-2020-002247date:2020-03-09T00:00:00
db:CNNVDid:CNNVD-202002-955date:2020-02-19T00:00:00
db:NVDid:CVE-2020-3132date:2020-02-19T20:15:14.957